I knew there was a reason not to blindly migrate from Tiger to Leopard.
So, my Web hosting account comes with free email accounts. They
support ghetto SSL (i.e. unrecognized CA), so I get this warning:
Mail can't verify the identity of "mail.example.com".
The certificate for this server was signed by an unknown certifying
authority. You might be connecting to a server that is blah blah
blah blah blah information at risk. Would you like to connect to
the server anyway?
Since I have already had my spirit broken and been trained to accept
compromises in security, I click Connect.
At this point, Apple Mail 2 (Tiger) sends my message using an
encrypted channel. My SMTP login credentials and my message are
vulnerable only to a MITM attack.
In the new and improved Apple Mail 3 (Leopard) I get a send failure:
Cannot send the message using server mail.example.com:username
The certificate for this server was signed by an unknown certifying
authority.
Select a different outgoing mail server from the list below or...
Apparently Apple wants me to disable SSL so anybody using the same
hotspot can read my messages and steal my credentials.
The security is a lie.
The security is a lie.
The security is a lie.
The security is a lie.
Oh, and asking me if I want to do something that you then won't let
me do isn't exactly a win for user-friendliness, either.
You make me sad.
Josh
